[SOLVED] [Win7SP1HomePre x64] CBS & SFC t.d.c. count: 96; SURT t.d.count: 27.

Thanks. Please do the following.

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  2. Download SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please
 
SFCFix version 3.0.0.0 by niemiro.
Start time: 2017-07-19 22:40:18.439
Microsoft Windows 7 Service Pack 1 - amd64
Using .zip script file at C:\Users\Coastmom\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\Windows\Winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7
Successfully took permissions for file or folder C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5
Successfully took permissions for file or folder C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieframe.ptxml

Successfully copied file C:\Users\Coastmom\AppData\Local\niemiro\Archive\Winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe to C:\Windows\Winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe.
Successfully copied file C:\Users\Coastmom\AppData\Local\niemiro\Archive\Winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe to C:\Windows\Winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe.
Successfully copied file C:\Users\Coastmom\AppData\Local\niemiro\Archive\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieframe.dll to C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieframe.dll.
Successfully copied file C:\Users\Coastmom\AppData\Local\niemiro\Archive\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieframe.ptxml to C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieframe.ptxml.
Successfully copied file C:\Users\Coastmom\AppData\Local\niemiro\Archive\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieui.dll to C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieui.dll.

Successfully restored ownership for C:\Windows\Winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7
Successfully restored permissions on C:\Windows\Winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7
Successfully restored ownership for C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5
Successfully restored permissions on C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5
Successfully restored ownership for C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieframe.ptxml
Successfully restored permissions on C:\Windows\Winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17207_none_470d379fc31eb3e5\ieframe.ptxml
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 6 datablocks.
Finish time: 2017-07-19 22:40:34.952
Script hash: KJGqzWS5poYybCo2+A8bKn4fynbJA58RoogW5+vFod8=
----------------------EOF-----------------------
 
Thanks. Please do the following.

Step#1 - System Update Readiness Tool (SUR)
1. Download and run the following file.
2. When it asks you if you wish to install, please answer yes. Note: It could take 15 minutes or more to run. Please don't cancel.
3. You will get an Installation Complete screen when it's done running.
4. Please attach the log from the following location. C:\Windows\Logs\CBS\CheckSUR.log
Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.
 
Here's the log. Looks like NO ERRORS?? Wow.

If all is well now, how can I avoid or minimize all this corruption happening in the future (can I??)
 

Attachments

We still have some work to do though. We need to remove the conflict your system has when booted normally. Before we do however I would like to do one more check.

SFC Scan


  1. Click on the Start button and in the search box, type Command Prompt
  2. When you see Command Prompt on the list, right-click on it and select Run as administrator
  3. When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
  4. This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.
 
I can't get that command to work (tried 3 times, keep getting syntax errors), but sfc returned this on the command line after completion:

"Windows Resource Protection did not find any integrity violations."

Will return in several hours (going to work). Thank you so much for your help. I will definitely be donating to sysnative...
 
Please do the following.

FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.
 
Will put logs in two messages.
FRST.txt:
**********************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Coastmom (administrator) on COASTMOM-HP (21-07-2017 08:49:50)
Running from C:\Users\Coastmom\Desktop
Loaded Profiles: Coastmom (Available Profiles: Coastmom & Chiara & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\n360.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(NCH Software) C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Code 42 Software, Inc.) C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\n360.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\conathst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-18] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM-x32\...\Run: [CrashPlanTray] => C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe [462808 2017-06-08] (Code 42 Software, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Run: [Google Update] => C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-03] (Google Inc.)
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\RunOnce: [Uninstall C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\RunOnce: [Uninstall C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\RunOnce: [Uninstall C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\MountPoints2: {4fcc5994-9edd-11e3-bbf5-64315098ab9f} - G:\setup.exe -a
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\MountPoints2: {9c6cd1ba-3a05-11e6-bd88-64315098ab9f} - F:\Startme.exe
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download Manager{N360P211018-SHPD-FSD40014}] => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe /m
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1459357452-663562519-2726307472-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 4.4.4.4 8.8.8.8
Tcpip\..\Interfaces\{93E30D0E-D5A2-4784-97A6-DEDBBB44AC22}: [NameServer] 37.221.175.198,95.169.183.219
Tcpip\..\Interfaces\{A84C2FA2-0167-4E5B-98EA-1C304F99BB7F}: [DhcpNameServer] 4.4.4.4 8.8.8.8
Tcpip\..\Interfaces\{E603462D-D3C0-495A-86B8-D2E024D1ECFA}: [DhcpNameServer] 24.25.5.149 24.25.5.150 96.10.7.16

Internet Explorer:
==================
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=nsbu&chn=1000&geo=us&ver=22&locale=en_us&guid=e9f38490-4d80-40d7-8d4c-c2a4d91290d3&doi=2015-10-03&o=APN11915
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxps://webcis.unch.unc.edu/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.10.0.83&locale=en_US&guid=E9F38490-4D80-40D7-8D4C-C2A4D91290D3&doi=2015-07-31&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {7A135D99-1C23-422F-B8F4-F7666FEAE820} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.10.0.83&locale=en_US&guid=E9F38490-4D80-40D7-8D4C-C2A4D91290D3&doi=2015-07-31&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\coIEPlg.dll [2017-06-30] (Symantec Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-18] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-07] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.10.0.83\coIEPlg.dll [2017-06-30] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-18] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-07] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\coIEPlg.dll [2017-06-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.10.0.83\coIEPlg.dll [2017-06-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {4912ED81-BD9F-485E-86CA-BD62EC957435} hxxps://soarianprod.unch.unc.edu/C6WA1_020558005_UNCH_p_htm_25//sframe/IETools.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872 [2017-07-21]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872 -> Google
FF Homepage: Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872 -> hxxps://search.norton.com?o=APN12179&prt=SSS&chn=store&ver=1.0.1.5&tpr=111&guid=8e7b2ba9-2a92-4d70-e959-d816e33ee907&doi=2017-7-10
FF Session Restore: Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872 -> is enabled.
FF Extension: (Norton Identity Safe) - C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872\Extensions\idsafe@norton.com.xpi [2017-06-03]
FF Extension: (Norton Safe Search) - C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872\Extensions\nortonsafesearch@symantec.com.xpi [2017-07-10]
FF SearchPlugin: C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872\searchplugins\safesearch.xml [2015-10-02]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-11-21] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-21] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.29\coFFFw => not found
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-05-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1459357452-663562519-2726307472-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Coastmom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1459357452-663562519-2726307472-1000: @talk.google.com/O1DPlugin -> C:\Users\Coastmom\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1459357452-663562519-2726307472-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1459357452-663562519-2726307472-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2009-09-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Coastmom\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Coastmom\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR DefaultSearchURL: Profile 2 -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Profile 2 -> NortonSafe
CHR DefaultSuggestURL: Profile 2 -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Session Restore: Profile 2 -> is enabled.
CHR Profile: C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default [2015-04-11]
CHR Extension: (Google Slides) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-02]
CHR Extension: (Google Docs) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-02]
CHR Extension: (Google Drive) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-02]
CHR Extension: (YouTube) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-02]
CHR Extension: (Google Search) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-02]
CHR Extension: (Google Sheets) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-02]
CHR Extension: (Norton Identity Safe) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-02]
CHR Extension: (Google Wallet) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-02]
CHR Extension: (Gmail) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Profile: C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-04-14]
CHR Extension: (Google Slides) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-11]
CHR Extension: (YouTube) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-11]
CHR Extension: (Google Search) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-11]
CHR Extension: (Google Sheets) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-11]
CHR Extension: (Gmail) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR Profile: C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-08-06]
CHR Extension: (Google Slides) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Google Docs) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-08-06]
CHR Extension: (Google Search) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Sheets) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-14]
CHR Extension: (Messages Saver) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kflkdhmijdgjnlbdkfgdmolcjnflmlhf [2016-08-06]
CHR Extension: (EXIF Viewer) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nafpfdcmppffipmhcpkbplhkoiekndck [2016-08-06]
CHR Extension: (Norton Safe) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
CHR Extension: (Gmail) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\Exts\Chrome.crx [2017-07-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\Exts\Chrome.crx [2017-07-10]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ARcltsrv; C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe [117856 2010-12-12] (Algorithmic Research Ltd.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411584 2017-07-02] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [221656 2017-06-08] (Code 42 Software)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\Coastmom\AppData\Local\Temp\7zS2A30\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed] <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-04] (Realsil Microelectronics Inc.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-06-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-06-30] (Alcatel-Lucent) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\N360.exe [326144 2017-06-30] (Symantec Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WebDictateService; C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe [913592 2016-03-11] (NCH Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20170717.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
S3 BSecACFltr; C:\Windows\System32\DRIVERS\BSecACFltr.sys [22832 2011-06-14] () [File not signed]
S3 BSecACFltr; C:\Windows\SysWOW64\DRIVERS\BSecACFltr.sys [21624 2011-06-14] ()
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160A000.053\ccSetx64.sys [187520 2017-06-30] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-29] (Symantec Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2016-06-26] (Sony Mobile Communications)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [13312 2008-08-18] (Sony Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20170719.002\IDSvia64.sys [1056920 2017-07-18] (Symantec Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [31744 2013-03-19] (Motorola Mobility Inc)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-05-05] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\160A000.053\SRTSP64.SYS [810136 2017-06-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\160A000.053\SRTSPX64.SYS [49304 2017-06-30] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\160A000.053\SYMEFASI64.SYS [1868416 2017-06-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\160A000.053\Ironx64.SYS [301288 2017-06-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\160A000.053\SYMNETS.SYS [566912 2017-06-30] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-21 08:49 - 2017-07-21 08:57 - 00047411 _____ C:\Users\Coastmom\Desktop\FRST.txt
2017-07-21 08:49 - 2017-07-21 08:49 - 00000000 ____D C:\FRST
2017-07-21 08:46 - 2017-07-21 08:45 - 02382336 _____ (Farbar) C:\Users\Coastmom\Desktop\FRST64.exe
2017-07-21 08:45 - 2017-07-21 08:45 - 02382336 _____ (Farbar) C:\Users\Coastmom\Downloads\FRST64.exe
2017-07-19 22:40 - 2017-07-19 22:40 - 00006792 _____ C:\Users\Coastmom\Desktop\SFCFix.txt
2017-07-19 22:34 - 2017-07-19 22:33 - 10101333 _____ C:\Users\Coastmom\Desktop\SFCFix.zip
2017-07-19 22:32 - 2017-07-19 22:33 - 10101333 _____ C:\Users\Coastmom\Downloads\SFCFix(2).zip
2017-07-19 14:05 - 2017-07-19 14:05 - 03157335 _____ C:\Users\Coastmom\Documents\Bob Cline letter 1974.pdf
2017-07-16 13:53 - 2017-07-16 13:53 - 00000000 ____D C:\New folder (11)
2017-07-16 12:23 - 2017-07-16 12:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-07-14 07:32 - 2017-07-14 07:32 - 00116356 _____ C:\Users\Coastmom\Downloads\SFCFix(1).zip
2017-07-12 15:24 - 2017-06-30 00:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 15:24 - 2017-06-29 23:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 15:24 - 2017-06-29 22:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 15:24 - 2017-06-29 22:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 15:24 - 2017-06-29 22:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 15:24 - 2017-06-29 22:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 15:24 - 2017-06-29 02:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 15:24 - 2017-06-29 02:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 15:24 - 2017-06-29 01:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 15:24 - 2017-06-29 01:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 15:24 - 2017-06-29 01:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 15:24 - 2017-06-29 01:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 15:24 - 2017-06-29 01:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 15:24 - 2017-06-29 00:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 15:24 - 2017-06-29 00:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 15:24 - 2017-06-29 00:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 15:24 - 2017-06-29 00:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 15:24 - 2017-06-29 00:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 15:24 - 2017-06-29 00:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 15:24 - 2017-06-29 00:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 15:24 - 2017-06-22 10:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 15:24 - 2017-06-15 16:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 15:24 - 2017-06-12 18:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 15:24 - 2017-06-12 18:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 15:24 - 2017-06-12 18:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 15:24 - 2017-06-12 18:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 15:24 - 2017-06-12 18:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 15:24 - 2017-06-12 18:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 15:24 - 2017-06-12 18:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 15:24 - 2017-06-12 18:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 15:24 - 2017-06-12 18:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 15:24 - 2017-06-12 18:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 15:24 - 2017-06-12 18:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 15:24 - 2017-06-10 11:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 15:24 - 2017-06-10 11:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 15:24 - 2017-06-09 11:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 15:24 - 2017-06-06 11:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 15:24 - 2017-06-06 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 15:24 - 2017-05-30 00:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 15:24 - 2017-05-16 11:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 15:23 - 2017-07-06 00:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-12 15:23 - 2017-06-29 22:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 15:23 - 2017-06-29 22:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 15:23 - 2017-06-29 22:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 15:23 - 2017-06-29 22:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 15:23 - 2017-06-29 22:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 15:23 - 2017-06-29 22:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 15:23 - 2017-06-29 22:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 15:23 - 2017-06-29 22:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 15:23 - 2017-06-29 22:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 15:23 - 2017-06-29 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 15:23 - 2017-06-29 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 15:23 - 2017-06-29 02:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 15:23 - 2017-06-29 02:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 15:23 - 2017-06-29 02:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 15:23 - 2017-06-29 02:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 15:23 - 2017-06-29 02:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 15:23 - 2017-06-29 01:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 15:23 - 2017-06-29 01:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 15:23 - 2017-06-29 01:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 15:23 - 2017-06-29 01:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 15:23 - 2017-06-29 01:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 15:23 - 2017-06-29 01:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 15:23 - 2017-06-29 01:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 15:23 - 2017-06-29 01:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 15:23 - 2017-06-29 01:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 15:23 - 2017-06-29 01:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 15:23 - 2017-06-29 01:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 15:23 - 2017-06-29 01:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 15:23 - 2017-06-29 01:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 15:23 - 2017-06-29 01:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 15:23 - 2017-06-29 01:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 15:23 - 2017-06-29 01:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 15:23 - 2017-06-29 01:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 15:23 - 2017-06-29 01:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 15:23 - 2017-06-29 01:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 15:23 - 2017-06-29 01:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 15:23 - 2017-06-29 01:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 15:23 - 2017-06-29 01:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 15:23 - 2017-06-29 01:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 15:23 - 2017-06-29 01:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 15:23 - 2017-06-29 01:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 15:23 - 2017-06-29 01:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 15:23 - 2017-06-29 01:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 15:23 - 2017-06-29 01:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 15:23 - 2017-06-29 01:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 15:23 - 2017-06-29 01:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 15:23 - 2017-06-29 01:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 15:23 - 2017-06-29 01:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 15:23 - 2017-06-29 01:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 15:23 - 2017-06-29 01:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 15:23 - 2017-06-29 01:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 15:23 - 2017-06-29 00:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 15:23 - 2017-06-29 00:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 15:23 - 2017-06-29 00:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 15:23 - 2017-06-29 00:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 15:23 - 2017-06-29 00:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 15:23 - 2017-06-29 00:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 15:23 - 2017-06-29 00:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 15:23 - 2017-06-29 00:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 15:23 - 2017-06-29 00:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 15:23 - 2017-06-29 00:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 15:23 - 2017-06-12 18:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 15:23 - 2017-06-12 18:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 15:23 - 2017-06-12 18:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 15:23 - 2017-06-12 18:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 15:23 - 2017-06-12 18:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 15:23 - 2017-06-12 18:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 15:23 - 2017-06-12 18:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 15:23 - 2017-06-12 18:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 15:23 - 2017-06-12 18:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 15:23 - 2017-06-12 18:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 15:23 - 2017-06-12 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 15:23 - 2017-06-12 18:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 15:23 - 2017-06-12 18:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 15:23 - 2017-06-12 18:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 15:23 - 2017-05-30 00:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 15:23 - 2017-05-30 00:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 15:23 - 2017-05-21 00:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 15:23 - 2017-05-21 00:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 15:23 - 2017-05-16 11:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 15:23 - 2017-05-16 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 15:19 - 2017-07-12 15:22 - 564744309 _____ C:\Users\Coastmom\Downloads\Windows6.1-KB947821-v34-x64.msu
2017-07-10 09:18 - 2017-07-10 09:18 - 00003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-07-10 08:47 - 2017-06-12 10:07 - 02884096 _____ (niemiro) C:\Users\Coastmom\Desktop\SFCFix.exe
2017-07-10 08:43 - 2017-07-10 08:43 - 00006151 _____ C:\Users\Coastmom\Downloads\SFCFix.zip
2017-07-09 16:18 - 2017-07-09 16:18 - 00565781 _____ C:\Users\Coastmom\Documents\Ipad apps for AAC July 9 2017 spipadaac-1.pdf
2017-07-09 16:17 - 2017-07-09 16:17 - 00758735 _____ C:\Users\Coastmom\Documents\Post extubation dysphagia July 9 2017 slideshopostextubdysphbartow7-31-14.pdf
2017-07-09 16:16 - 2017-07-09 16:16 - 03425929 _____ C:\Users\Coastmom\Documents\Bolus size evidence review July 9 2107 rizzosupplementalhandouts-1.pdf
2017-07-09 16:15 - 2017-07-09 16:15 - 00079653 _____ C:\Users\Coastmom\Documents\Sensory approach to dysphagia july 9 2017 referenceswallace1-8-15.pdf
2017-07-09 16:14 - 2017-07-09 16:14 - 00237621 _____ C:\Users\Coastmom\Documents\Sensory approach to dysphagia july 9 2017 slideshocntxwallace1-8-15.pdf
2017-07-09 16:13 - 2017-07-09 16:13 - 00378182 _____ C:\Users\Coastmom\Documents\Cranial nerves July 9 2017 neuroanatomy.pdf
2017-07-09 16:12 - 2017-07-09 16:12 - 00193711 _____ C:\Users\Coastmom\Documents\Cranial nerves dysphagia July 9 2017 cndysphslidesh-o.pdf
2017-07-09 16:11 - 2017-07-09 16:11 - 00131468 _____ C:\Users\Coastmom\Documents\Aspriation who gets sick july 9 2017 resourcelist.pdf
2017-07-09 16:10 - 2017-07-09 16:10 - 00775530 _____ C:\Users\Coastmom\Documents\Aspiration who gets sick july 9 2017 aspirationriskslideshomansolillo2-20-14.pdf
2017-07-09 16:09 - 2017-07-09 16:09 - 91705493 _____ C:\Users\Coastmom\Documents\Back to Basics MBSS color July 9 2017 spvideofluoroscopiccolor.pdf
2017-07-09 16:07 - 2017-07-09 16:07 - 03652880 _____ C:\Users\Coastmom\Documents\Back to Basics MBSS July 9 2017 spvideofluoroscopic.pdf
2017-07-09 15:35 - 2017-07-09 15:44 - 00907527 _____ C:\Users\Coastmom\Documents\IC Logic Coventry EE fill-able form-1.pdf
2017-07-07 18:36 - 2017-07-07 18:36 - 00039235 _____ C:\Users\Coastmom\Documents\Mammogram facility Statement_06_21_2017.pdf
2017-07-07 18:35 - 2017-07-07 18:35 - 00035589 _____ C:\Users\Coastmom\Documents\Mammogram MD Statement_06_25_2017-1.pdf
2017-07-07 13:06 - 2017-07-07 13:06 - 00034328 _____ C:\Users\Coastmom\Downloads\Statement_06_21_2017.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-21 08:48 - 2009-07-13 22:34 - 00000534 _____ C:\Windows\win.ini
2017-07-21 08:42 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-21 08:42 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-21 08:18 - 2016-11-21 17:07 - 00000000 ____D C:\Users\Coastmom\AppData\LocalLow\Mozilla
2017-07-21 08:16 - 2011-07-03 15:06 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-07-21 08:15 - 2011-07-06 15:17 - 00000000 ____D C:\Temp
2017-07-21 08:14 - 2011-06-24 10:35 - 00000000 ____D C:\Users\Coastmom\AppData\LocalLow\AuthenTec
2017-07-21 08:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 09:47 - 2015-07-30 10:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2017-07-20 00:40 - 2011-06-24 11:06 - 00000000 ____D C:\Users\Coastmom\AppData\Local\ElevatedDiagnostics
2017-07-20 00:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-07-19 22:47 - 2011-10-21 12:10 - 00000000 ____D C:\Windows\pss
2017-07-19 22:40 - 2017-06-02 16:51 - 00000000 ____D C:\SFCFix
2017-07-19 22:40 - 2017-06-02 16:41 - 00000000 ____D C:\Users\Coastmom\AppData\Local\niemiro
2017-07-19 20:14 - 2016-11-21 10:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-19 20:14 - 2011-06-25 09:45 - 00000000 ____D C:\Program Files (x86)\CrashPlan
2017-07-19 19:12 - 2011-10-30 11:31 - 00000000 ____D C:\Users\Coastmom\AppData\Local\Citrix
2017-07-19 18:57 - 2011-06-24 20:00 - 00000000 ____D C:\Users\Coastmom\Documents\Youcam
2017-07-19 13:41 - 2015-02-02 17:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-19 11:33 - 2015-02-02 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-19 11:27 - 2015-07-10 12:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-19 11:27 - 2015-05-18 07:52 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-16 13:55 - 2011-06-24 14:16 - 00000000 ____D C:\Users\Coastmom\AppData\Local\CrashDumps
2017-07-16 13:54 - 2016-07-07 19:05 - 00000000 ____D C:\aa-Vanguard
2017-07-13 10:13 - 2015-03-16 14:56 - 00000000 ____D C:\Program Files\CyberGhost 5
2017-07-13 09:35 - 2015-07-14 11:45 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-12 17:35 - 2012-06-21 11:16 - 00000000 ____D C:\aa-Dysphagia
2017-07-12 16:43 - 2009-07-14 00:45 - 00448488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 16:31 - 2013-08-14 07:56 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 16:26 - 2011-06-25 11:24 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 10:15 - 2014-10-01 22:51 - 00023501 _____ C:\Windows\BRRBCOM.INI
2017-07-12 10:00 - 2016-10-30 17:04 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-12 09:59 - 2016-10-30 17:04 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 09:59 - 2016-10-30 17:04 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 09:59 - 2011-11-16 08:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-12 09:59 - 2011-04-03 14:11 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-12 09:32 - 2012-04-27 08:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-10 10:02 - 2015-03-17 11:11 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-10 10:02 - 2015-03-17 11:11 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-10 09:33 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-07-10 09:19 - 2015-07-30 10:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2017-07-10 09:18 - 2013-11-02 19:06 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2017-07-10 09:17 - 2016-07-07 08:19 - 00002184 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-07-10 09:04 - 2013-11-02 19:08 - 00102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-07-10 09:04 - 2013-11-02 19:08 - 00008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-07-07 23:36 - 2012-12-09 20:16 - 00000000 ____D C:\aa-Speech Pathology dot com classes
2017-07-07 13:32 - 2014-10-01 22:55 - 00000000 ____D C:\Program Files (x86)\Browny02
2017-06-29 07:41 - 2015-04-02 22:51 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-29 07:41 - 2015-04-02 22:51 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-21 13:36 - 2009-07-14 01:13 - 00819142 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-21 13:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2005-12-08 22:51 - 2005-12-08 22:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2015-01-28 13:03 - 2017-03-13 11:39 - 0000093 _____ () C:\Users\Coastmom\AppData\Roaming\ARCompanion.log
2013-08-08 09:32 - 2013-08-08 09:32 - 0004096 ____H () C:\Users\Coastmom\AppData\Local\keyfile3.drm
2015-02-19 12:47 - 2015-02-19 12:47 - 0000858 _____ () C:\Users\Coastmom\AppData\Local\recently-used.xbel
2017-06-10 17:46 - 2017-06-10 17:46 - 0000017 _____ () C:\Users\Coastmom\AppData\Local\resmon.resmoncfg
2014-06-15 12:26 - 2014-06-29 08:28 - 0000040 ___SH () C:\ProgramData\.zreglib
2011-12-04 11:09 - 2014-08-25 13:45 - 0000088 __RSH () C:\ProgramData\5C2F8B90C8.sys
2014-09-29 19:06 - 2014-10-15 13:16 - 0002238 _____ () C:\ProgramData\favicon.ico
2011-06-28 10:43 - 2014-09-29 19:57 - 0021362 _____ () C:\ProgramData\hpzinstall.log
2011-12-04 11:09 - 2014-08-25 13:45 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
2017-06-01 22:55 - 2017-06-01 22:55 - 0011246 _____ () C:\ProgramData\SMRResults501.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat
C:\Users\Chiara\reamote.exe
C:\Users\Chiara\reaper.exe


Some files in TEMP:
====================
2006-10-28 01:14 - 2006-10-28 01:14 - 0145184 ____R (Microsoft Corporation) C:\Users\Coastmom\AppData\Local\Temp\ose00000.exe
2006-05-24 13:10 - 2006-05-24 13:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Coastmom\AppData\Local\Temp\_isC7C3.exe
2006-05-24 13:10 - 2006-05-24 13:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Coastmom\AppData\Local\Temp\_isCF81.exe
2006-05-24 13:10 - 2006-05-24 13:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Coastmom\AppData\Local\Temp\_isFC29.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-20 00:33

==================== End of FRST.txt ============================
 
Will put logs in two messages.
FRST.txt:
**********************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Coastmom (administrator) on COASTMOM-HP (21-07-2017 08:49:50)
Running from C:\Users\Coastmom\Desktop
Loaded Profiles: Coastmom (Available Profiles: Coastmom & Chiara & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\n360.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(NCH Software) C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Code 42 Software, Inc.) C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\n360.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\conathst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-18] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM-x32\...\Run: [CrashPlanTray] => C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe [462808 2017-06-08] (Code 42 Software, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Run: [Google Update] => C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-03] (Google Inc.)
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\RunOnce: [Uninstall C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\RunOnce: [Uninstall C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\RunOnce: [Uninstall C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\MountPoints2: {4fcc5994-9edd-11e3-bbf5-64315098ab9f} - G:\setup.exe -a
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\MountPoints2: {9c6cd1ba-3a05-11e6-bd88-64315098ab9f} - F:\Startme.exe
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download Manager{N360P211018-SHPD-FSD40014}] => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe /m
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1459357452-663562519-2726307472-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 4.4.4.4 8.8.8.8
Tcpip\..\Interfaces\{93E30D0E-D5A2-4784-97A6-DEDBBB44AC22}: [NameServer] 37.221.175.198,95.169.183.219
Tcpip\..\Interfaces\{A84C2FA2-0167-4E5B-98EA-1C304F99BB7F}: [DhcpNameServer] 4.4.4.4 8.8.8.8
Tcpip\..\Interfaces\{E603462D-D3C0-495A-86B8-D2E024D1ECFA}: [DhcpNameServer] 24.25.5.149 24.25.5.150 96.10.7.16

Internet Explorer:
==================
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=nsbu&chn=1000&geo=us&ver=22&locale=en_us&guid=e9f38490-4d80-40d7-8d4c-c2a4d91290d3&doi=2015-10-03&o=APN11915
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxps://webcis.unch.unc.edu/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.10.0.83&locale=en_US&guid=E9F38490-4D80-40D7-8D4C-C2A4D91290D3&doi=2015-07-31&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {7A135D99-1C23-422F-B8F4-F7666FEAE820} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.10.0.83&locale=en_US&guid=E9F38490-4D80-40D7-8D4C-C2A4D91290D3&doi=2015-07-31&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1459357452-663562519-2726307472-1000 -> {FC9FA277-ECDA-42EA-B54A-BB6512172A89} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\coIEPlg.dll [2017-06-30] (Symantec Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-18] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-07] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.10.0.83\coIEPlg.dll [2017-06-30] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-18] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-07] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\coIEPlg.dll [2017-06-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.10.0.83\coIEPlg.dll [2017-06-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {4912ED81-BD9F-485E-86CA-BD62EC957435} hxxps://soarianprod.unch.unc.edu/C6WA1_020558005_UNCH_p_htm_25//sframe/IETools.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872 [2017-07-21]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872 -> Google
FF Homepage: Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872 -> hxxps://search.norton.com?o=APN12179&prt=SSS&chn=store&ver=1.0.1.5&tpr=111&guid=8e7b2ba9-2a92-4d70-e959-d816e33ee907&doi=2017-7-10
FF Session Restore: Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872 -> is enabled.
FF Extension: (Norton Identity Safe) - C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872\Extensions\idsafe@norton.com.xpi [2017-06-03]
FF Extension: (Norton Safe Search) - C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872\Extensions\nortonsafesearch@symantec.com.xpi [2017-07-10]
FF SearchPlugin: C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Profiles\8fsisjfa.default-1442799565872\searchplugins\safesearch.xml [2015-10-02]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-11-21] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-21] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.29\coFFFw => not found
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-05-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1459357452-663562519-2726307472-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Coastmom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1459357452-663562519-2726307472-1000: @talk.google.com/O1DPlugin -> C:\Users\Coastmom\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1459357452-663562519-2726307472-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1459357452-663562519-2726307472-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2009-09-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Coastmom\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Coastmom\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR DefaultSearchURL: Profile 2 -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Profile 2 -> NortonSafe
CHR DefaultSuggestURL: Profile 2 -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Session Restore: Profile 2 -> is enabled.
CHR Profile: C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default [2015-04-11]
CHR Extension: (Google Slides) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-02]
CHR Extension: (Google Docs) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-02]
CHR Extension: (Google Drive) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-02]
CHR Extension: (YouTube) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-02]
CHR Extension: (Google Search) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-02]
CHR Extension: (Google Sheets) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-02]
CHR Extension: (Norton Identity Safe) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-02]
CHR Extension: (Google Wallet) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-02]
CHR Extension: (Gmail) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Profile: C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-04-14]
CHR Extension: (Google Slides) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-11]
CHR Extension: (YouTube) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-11]
CHR Extension: (Google Search) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-11]
CHR Extension: (Google Sheets) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-11]
CHR Extension: (Gmail) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR Profile: C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-08-06]
CHR Extension: (Google Slides) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Google Docs) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-08-06]
CHR Extension: (Google Search) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Sheets) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-14]
CHR Extension: (Messages Saver) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kflkdhmijdgjnlbdkfgdmolcjnflmlhf [2016-08-06]
CHR Extension: (EXIF Viewer) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nafpfdcmppffipmhcpkbplhkoiekndck [2016-08-06]
CHR Extension: (Norton Safe) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
CHR Extension: (Gmail) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Coastmom\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\Exts\Chrome.crx [2017-07-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\Exts\Chrome.crx [2017-07-10]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ARcltsrv; C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe [117856 2010-12-12] (Algorithmic Research Ltd.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411584 2017-07-02] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [221656 2017-06-08] (Code 42 Software)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\Coastmom\AppData\Local\Temp\7zS2A30\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed] <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-04] (Realsil Microelectronics Inc.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-06-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-06-30] (Alcatel-Lucent) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\N360.exe [326144 2017-06-30] (Symantec Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WebDictateService; C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe [913592 2016-03-11] (NCH Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20170717.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
S3 BSecACFltr; C:\Windows\System32\DRIVERS\BSecACFltr.sys [22832 2011-06-14] () [File not signed]
S3 BSecACFltr; C:\Windows\SysWOW64\DRIVERS\BSecACFltr.sys [21624 2011-06-14] ()
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160A000.053\ccSetx64.sys [187520 2017-06-30] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-29] (Symantec Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2016-06-26] (Sony Mobile Communications)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [13312 2008-08-18] (Sony Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20170719.002\IDSvia64.sys [1056920 2017-07-18] (Symantec Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [31744 2013-03-19] (Motorola Mobility Inc)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-05-05] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\160A000.053\SRTSP64.SYS [810136 2017-06-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\160A000.053\SRTSPX64.SYS [49304 2017-06-30] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\160A000.053\SYMEFASI64.SYS [1868416 2017-06-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\160A000.053\Ironx64.SYS [301288 2017-06-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\160A000.053\SYMNETS.SYS [566912 2017-06-30] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-21 08:49 - 2017-07-21 08:57 - 00047411 _____ C:\Users\Coastmom\Desktop\FRST.txt
2017-07-21 08:49 - 2017-07-21 08:49 - 00000000 ____D C:\FRST
2017-07-21 08:46 - 2017-07-21 08:45 - 02382336 _____ (Farbar) C:\Users\Coastmom\Desktop\FRST64.exe
2017-07-21 08:45 - 2017-07-21 08:45 - 02382336 _____ (Farbar) C:\Users\Coastmom\Downloads\FRST64.exe
2017-07-19 22:40 - 2017-07-19 22:40 - 00006792 _____ C:\Users\Coastmom\Desktop\SFCFix.txt
2017-07-19 22:34 - 2017-07-19 22:33 - 10101333 _____ C:\Users\Coastmom\Desktop\SFCFix.zip
2017-07-19 22:32 - 2017-07-19 22:33 - 10101333 _____ C:\Users\Coastmom\Downloads\SFCFix(2).zip
2017-07-19 14:05 - 2017-07-19 14:05 - 03157335 _____ C:\Users\Coastmom\Documents\Bob Cline letter 1974.pdf
2017-07-16 13:53 - 2017-07-16 13:53 - 00000000 ____D C:\New folder (11)
2017-07-16 12:23 - 2017-07-16 12:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-07-14 07:32 - 2017-07-14 07:32 - 00116356 _____ C:\Users\Coastmom\Downloads\SFCFix(1).zip
2017-07-12 15:24 - 2017-06-30 00:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 15:24 - 2017-06-29 23:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 15:24 - 2017-06-29 22:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 15:24 - 2017-06-29 22:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 15:24 - 2017-06-29 22:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 15:24 - 2017-06-29 22:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 15:24 - 2017-06-29 02:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 15:24 - 2017-06-29 02:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 15:24 - 2017-06-29 01:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 15:24 - 2017-06-29 01:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 15:24 - 2017-06-29 01:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 15:24 - 2017-06-29 01:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 15:24 - 2017-06-29 01:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 15:24 - 2017-06-29 00:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 15:24 - 2017-06-29 00:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 15:24 - 2017-06-29 00:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 15:24 - 2017-06-29 00:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 15:24 - 2017-06-29 00:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 15:24 - 2017-06-29 00:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 15:24 - 2017-06-29 00:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 15:24 - 2017-06-22 10:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 15:24 - 2017-06-15 16:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 15:24 - 2017-06-12 18:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 15:24 - 2017-06-12 18:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 15:24 - 2017-06-12 18:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 15:24 - 2017-06-12 18:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 15:24 - 2017-06-12 18:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 15:24 - 2017-06-12 18:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 15:24 - 2017-06-12 18:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 15:24 - 2017-06-12 18:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 15:24 - 2017-06-12 18:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 15:24 - 2017-06-12 18:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 15:24 - 2017-06-12 18:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 15:24 - 2017-06-10 11:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 15:24 - 2017-06-10 11:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 15:24 - 2017-06-09 11:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 15:24 - 2017-06-06 11:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 15:24 - 2017-06-06 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 15:24 - 2017-05-30 00:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 15:24 - 2017-05-16 11:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 15:23 - 2017-07-06 00:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-12 15:23 - 2017-06-29 22:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 15:23 - 2017-06-29 22:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 15:23 - 2017-06-29 22:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 15:23 - 2017-06-29 22:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 15:23 - 2017-06-29 22:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 15:23 - 2017-06-29 22:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 15:23 - 2017-06-29 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 15:23 - 2017-06-29 22:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 15:23 - 2017-06-29 22:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 15:23 - 2017-06-29 22:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 15:23 - 2017-06-29 22:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 15:23 - 2017-06-29 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 15:23 - 2017-06-29 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 15:23 - 2017-06-29 02:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 15:23 - 2017-06-29 02:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 15:23 - 2017-06-29 02:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 15:23 - 2017-06-29 02:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 15:23 - 2017-06-29 02:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 15:23 - 2017-06-29 01:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 15:23 - 2017-06-29 01:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 15:23 - 2017-06-29 01:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 15:23 - 2017-06-29 01:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 15:23 - 2017-06-29 01:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 15:23 - 2017-06-29 01:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 15:23 - 2017-06-29 01:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 15:23 - 2017-06-29 01:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 15:23 - 2017-06-29 01:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 15:23 - 2017-06-29 01:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 15:23 - 2017-06-29 01:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 15:23 - 2017-06-29 01:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 15:23 - 2017-06-29 01:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 15:23 - 2017-06-29 01:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 15:23 - 2017-06-29 01:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 15:23 - 2017-06-29 01:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 15:23 - 2017-06-29 01:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 15:23 - 2017-06-29 01:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 15:23 - 2017-06-29 01:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 15:23 - 2017-06-29 01:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 15:23 - 2017-06-29 01:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 15:23 - 2017-06-29 01:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 15:23 - 2017-06-29 01:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 15:23 - 2017-06-29 01:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 15:23 - 2017-06-29 01:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 15:23 - 2017-06-29 01:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 15:23 - 2017-06-29 01:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 15:23 - 2017-06-29 01:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 15:23 - 2017-06-29 01:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 15:23 - 2017-06-29 01:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 15:23 - 2017-06-29 01:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 15:23 - 2017-06-29 01:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 15:23 - 2017-06-29 01:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 15:23 - 2017-06-29 01:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 15:23 - 2017-06-29 01:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 15:23 - 2017-06-29 00:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 15:23 - 2017-06-29 00:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 15:23 - 2017-06-29 00:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 15:23 - 2017-06-29 00:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 15:23 - 2017-06-29 00:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 15:23 - 2017-06-29 00:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 15:23 - 2017-06-29 00:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 15:23 - 2017-06-29 00:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 15:23 - 2017-06-29 00:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 15:23 - 2017-06-29 00:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 15:23 - 2017-06-12 18:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 15:23 - 2017-06-12 18:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 15:23 - 2017-06-12 18:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 15:23 - 2017-06-12 18:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 15:23 - 2017-06-12 18:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 15:23 - 2017-06-12 18:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 15:23 - 2017-06-12 18:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 15:23 - 2017-06-12 18:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 15:23 - 2017-06-12 18:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 15:23 - 2017-06-12 18:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 15:23 - 2017-06-12 18:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 15:23 - 2017-06-12 18:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 15:23 - 2017-06-12 18:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 15:23 - 2017-06-12 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 15:23 - 2017-06-12 18:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 15:23 - 2017-06-12 18:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 15:23 - 2017-06-12 18:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 15:23 - 2017-05-30 00:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 15:23 - 2017-05-30 00:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 15:23 - 2017-05-21 00:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 15:23 - 2017-05-21 00:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 15:23 - 2017-05-16 11:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 15:23 - 2017-05-16 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 15:19 - 2017-07-12 15:22 - 564744309 _____ C:\Users\Coastmom\Downloads\Windows6.1-KB947821-v34-x64.msu
2017-07-10 09:18 - 2017-07-10 09:18 - 00003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-07-10 08:47 - 2017-06-12 10:07 - 02884096 _____ (niemiro) C:\Users\Coastmom\Desktop\SFCFix.exe
2017-07-10 08:43 - 2017-07-10 08:43 - 00006151 _____ C:\Users\Coastmom\Downloads\SFCFix.zip
2017-07-09 16:18 - 2017-07-09 16:18 - 00565781 _____ C:\Users\Coastmom\Documents\Ipad apps for AAC July 9 2017 spipadaac-1.pdf
2017-07-09 16:17 - 2017-07-09 16:17 - 00758735 _____ C:\Users\Coastmom\Documents\Post extubation dysphagia July 9 2017 slideshopostextubdysphbartow7-31-14.pdf
2017-07-09 16:16 - 2017-07-09 16:16 - 03425929 _____ C:\Users\Coastmom\Documents\Bolus size evidence review July 9 2107 rizzosupplementalhandouts-1.pdf
2017-07-09 16:15 - 2017-07-09 16:15 - 00079653 _____ C:\Users\Coastmom\Documents\Sensory approach to dysphagia july 9 2017 referenceswallace1-8-15.pdf
2017-07-09 16:14 - 2017-07-09 16:14 - 00237621 _____ C:\Users\Coastmom\Documents\Sensory approach to dysphagia july 9 2017 slideshocntxwallace1-8-15.pdf
2017-07-09 16:13 - 2017-07-09 16:13 - 00378182 _____ C:\Users\Coastmom\Documents\Cranial nerves July 9 2017 neuroanatomy.pdf
2017-07-09 16:12 - 2017-07-09 16:12 - 00193711 _____ C:\Users\Coastmom\Documents\Cranial nerves dysphagia July 9 2017 cndysphslidesh-o.pdf
2017-07-09 16:11 - 2017-07-09 16:11 - 00131468 _____ C:\Users\Coastmom\Documents\Aspriation who gets sick july 9 2017 resourcelist.pdf
2017-07-09 16:10 - 2017-07-09 16:10 - 00775530 _____ C:\Users\Coastmom\Documents\Aspiration who gets sick july 9 2017 aspirationriskslideshomansolillo2-20-14.pdf
2017-07-09 16:09 - 2017-07-09 16:09 - 91705493 _____ C:\Users\Coastmom\Documents\Back to Basics MBSS color July 9 2017 spvideofluoroscopiccolor.pdf
2017-07-09 16:07 - 2017-07-09 16:07 - 03652880 _____ C:\Users\Coastmom\Documents\Back to Basics MBSS July 9 2017 spvideofluoroscopic.pdf
2017-07-09 15:35 - 2017-07-09 15:44 - 00907527 _____ C:\Users\Coastmom\Documents\IC Logic Coventry EE fill-able form-1.pdf
2017-07-07 18:36 - 2017-07-07 18:36 - 00039235 _____ C:\Users\Coastmom\Documents\Mammogram facility Statement_06_21_2017.pdf
2017-07-07 18:35 - 2017-07-07 18:35 - 00035589 _____ C:\Users\Coastmom\Documents\Mammogram MD Statement_06_25_2017-1.pdf
2017-07-07 13:06 - 2017-07-07 13:06 - 00034328 _____ C:\Users\Coastmom\Downloads\Statement_06_21_2017.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-21 08:48 - 2009-07-13 22:34 - 00000534 _____ C:\Windows\win.ini
2017-07-21 08:42 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-21 08:42 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-21 08:18 - 2016-11-21 17:07 - 00000000 ____D C:\Users\Coastmom\AppData\LocalLow\Mozilla
2017-07-21 08:16 - 2011-07-03 15:06 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-07-21 08:15 - 2011-07-06 15:17 - 00000000 ____D C:\Temp
2017-07-21 08:14 - 2011-06-24 10:35 - 00000000 ____D C:\Users\Coastmom\AppData\LocalLow\AuthenTec
2017-07-21 08:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 09:47 - 2015-07-30 10:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2017-07-20 00:40 - 2011-06-24 11:06 - 00000000 ____D C:\Users\Coastmom\AppData\Local\ElevatedDiagnostics
2017-07-20 00:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-07-19 22:47 - 2011-10-21 12:10 - 00000000 ____D C:\Windows\pss
2017-07-19 22:40 - 2017-06-02 16:51 - 00000000 ____D C:\SFCFix
2017-07-19 22:40 - 2017-06-02 16:41 - 00000000 ____D C:\Users\Coastmom\AppData\Local\niemiro
2017-07-19 20:14 - 2016-11-21 10:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-19 20:14 - 2011-06-25 09:45 - 00000000 ____D C:\Program Files (x86)\CrashPlan
2017-07-19 19:12 - 2011-10-30 11:31 - 00000000 ____D C:\Users\Coastmom\AppData\Local\Citrix
2017-07-19 18:57 - 2011-06-24 20:00 - 00000000 ____D C:\Users\Coastmom\Documents\Youcam
2017-07-19 13:41 - 2015-02-02 17:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-19 11:33 - 2015-02-02 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-19 11:27 - 2015-07-10 12:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-19 11:27 - 2015-05-18 07:52 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-16 13:55 - 2011-06-24 14:16 - 00000000 ____D C:\Users\Coastmom\AppData\Local\CrashDumps
2017-07-16 13:54 - 2016-07-07 19:05 - 00000000 ____D C:\aa-Vanguard
2017-07-13 10:13 - 2015-03-16 14:56 - 00000000 ____D C:\Program Files\CyberGhost 5
2017-07-13 09:35 - 2015-07-14 11:45 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-12 17:35 - 2012-06-21 11:16 - 00000000 ____D C:\aa-Dysphagia
2017-07-12 16:43 - 2009-07-14 00:45 - 00448488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 16:31 - 2013-08-14 07:56 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 16:26 - 2011-06-25 11:24 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 10:15 - 2014-10-01 22:51 - 00023501 _____ C:\Windows\BRRBCOM.INI
2017-07-12 10:00 - 2016-10-30 17:04 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-12 09:59 - 2016-10-30 17:04 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 09:59 - 2016-10-30 17:04 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 09:59 - 2011-11-16 08:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-12 09:59 - 2011-04-03 14:11 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-12 09:32 - 2012-04-27 08:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-10 10:02 - 2015-03-17 11:11 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-10 10:02 - 2015-03-17 11:11 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-10 09:33 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-07-10 09:19 - 2015-07-30 10:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2017-07-10 09:18 - 2013-11-02 19:06 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2017-07-10 09:17 - 2016-07-07 08:19 - 00002184 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-07-10 09:04 - 2013-11-02 19:08 - 00102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-07-10 09:04 - 2013-11-02 19:08 - 00008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-07-07 23:36 - 2012-12-09 20:16 - 00000000 ____D C:\aa-Speech Pathology dot com classes
2017-07-07 13:32 - 2014-10-01 22:55 - 00000000 ____D C:\Program Files (x86)\Browny02
2017-06-29 07:41 - 2015-04-02 22:51 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-29 07:41 - 2015-04-02 22:51 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-21 13:36 - 2009-07-14 01:13 - 00819142 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-21 13:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2005-12-08 22:51 - 2005-12-08 22:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2015-01-28 13:03 - 2017-03-13 11:39 - 0000093 _____ () C:\Users\Coastmom\AppData\Roaming\ARCompanion.log
2013-08-08 09:32 - 2013-08-08 09:32 - 0004096 ____H () C:\Users\Coastmom\AppData\Local\keyfile3.drm
2015-02-19 12:47 - 2015-02-19 12:47 - 0000858 _____ () C:\Users\Coastmom\AppData\Local\recently-used.xbel
2017-06-10 17:46 - 2017-06-10 17:46 - 0000017 _____ () C:\Users\Coastmom\AppData\Local\resmon.resmoncfg
2014-06-15 12:26 - 2014-06-29 08:28 - 0000040 ___SH () C:\ProgramData\.zreglib
2011-12-04 11:09 - 2014-08-25 13:45 - 0000088 __RSH () C:\ProgramData\5C2F8B90C8.sys
2014-09-29 19:06 - 2014-10-15 13:16 - 0002238 _____ () C:\ProgramData\favicon.ico
2011-06-28 10:43 - 2014-09-29 19:57 - 0021362 _____ () C:\ProgramData\hpzinstall.log
2011-12-04 11:09 - 2014-08-25 13:45 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
2017-06-01 22:55 - 2017-06-01 22:55 - 0011246 _____ () C:\ProgramData\SMRResults501.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat
C:\Users\Chiara\reamote.exe
C:\Users\Chiara\reaper.exe


Some files in TEMP:
====================
2006-10-28 01:14 - 2006-10-28 01:14 - 0145184 ____R (Microsoft Corporation) C:\Users\Coastmom\AppData\Local\Temp\ose00000.exe
2006-05-24 13:10 - 2006-05-24 13:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Coastmom\AppData\Local\Temp\_isC7C3.exe
2006-05-24 13:10 - 2006-05-24 13:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Coastmom\AppData\Local\Temp\_isCF81.exe
2006-05-24 13:10 - 2006-05-24 13:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Coastmom\AppData\Local\Temp\_isFC29.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-20 00:33

==================== End of FRST.txt ============================
 
Addition.txt:
***********************
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Coastmom (21-07-2017 08:58:50)
Running from C:\Users\Coastmom\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-24 14:35:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1459357452-663562519-2726307472-500 - Administrator - Disabled)
Chiara (S-1-5-21-1459357452-663562519-2726307472-1004 - Limited - Enabled) => C:\Users\Chiara
Coastmom (S-1-5-21-1459357452-663562519-2726307472-1000 - Administrator - Enabled) => C:\Users\Coastmom
Guest (S-1-5-21-1459357452-663562519-2726307472-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton 360 Premier (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Adobe Connect 9 Add-in) (Version: 11,9,976,291 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (HKLM-x32\...\{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{A7AEE29F-839E-46B5-B347-6D430618129F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric)
Android Screencast (HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Android Screencast) (Version: - Alexandre Thiel)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ARX CryptoKit (HKLM\...\{F75D2B1D-5309-41DF-BC96-DFC3C3568C1D}) (Version: 4.5.3 - Algorithmic Research Ltd.)
ARX Office Signatures (HKLM\...\{63953150-62B8-4E8E-9E46-E23E157C4C40}) (Version: 5.40 - Algorithmic Research Ltd.)
ARX OmniSign Printer (HKLM\...\{F1936BBB-2DED-47FE-B3AD-101EAAC22CFE}) (Version: 5.40 - Algorithmic Research Ltd.)
ARX Signature API (HKLM\...\{7927F52B-00BF-4B7A-BD3F-1DBAD22FC0BB}) (Version: 5.40 - Algorithmic Research Ltd.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AuthenTec TrueAPI (HKLM\...\{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}) (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Boardmaker (HKLM-x32\...\Boardmaker) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite MFC-J470DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (HKLM-x32\...\{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (HKLM-x32\...\{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Receiver 4.6 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.6.0.12010 - Citrix Systems, Inc.)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Painter Essentials 4 (HKLM-x32\...\{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}) (Version: 4.2 - Corel Corporation) Hidden
CrashPlan (HKLM-x32\...\{DF11938A-21AB-45B9-AF70-97510042CDFC}) (Version: 4.8.3.15 - Code 42 Software)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Digital Voice Editor 3 (HKLM-x32\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
DING! (HKLM-x32\...\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}) (Version: 1.05.005 - Southwest Airlines)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epic@UNC (HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\csg-aaaeaa84@@XenAppVIP:Epic@UNC) (Version: 1.0 - Delivered by Citrix)
Equestriad 2001 (HKLM-x32\...\Equestriad 2001) (Version: - )
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Express Dictate (HKLM-x32\...\Express) (Version: - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: - NCH Software)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.8.0 - Telerik)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
honestech VHS to DVD 5.0 Deluxe (HKLM-x32\...\{21278F3C-22B5-4C00-BE2E-90F6BE2D19C5}) (Version: 5.0 - honestech) Hidden
honestech VHS to DVD 5.0 Deluxe (HKLM-x32\...\{44FF002B-5AB3-4447-8F98-614387B63EE6}) (Version: 5.0 - honestech)
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{40BDA06B-BF53-4005-A0D4-7A50F7910C1A}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.7.22.13 - HP Inc.)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iBackup Extractor (HKLM-x32\...\{7D261980-CAC6-46EB-89CF-5D951EE6E15E}) (Version: 2.13 - Wide Angle Software)
iBackup Viewer 3.00 (HKLM-x32\...\{5B428966-3054-41E3-B0F8-008EE30BD019}_is1) (Version: - iMacTools)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
iPhone Configuration Utility (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
IPVanish (HKLM-x32\...\{351ECFAE-3871-4071-9DB4-EDC23327E3CF}) (Version: 2.0.5718.21304 - IPVanish.com) Hidden
IPVanish VPN (HKLM-x32\...\{17fca5cd-b014-4279-9148-35dddd3e6eca}) (Version: 2.0.5718.21304 - IPVanish.com)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2086 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper MergeModules (HKLM-x32\...\{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}) (Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 en-US)) (Version: 17.0.8 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NaturalReaderFree (HKLM-x32\...\{B99690D5-0BD4-403B-98D9-D0E997239454}) (Version: 1.00.0000 - Naturalsoft)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.13 - NETGEAR Inc.)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.10.0.83 - Symantec Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.0.0.18 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1459357452-663562519-2726307472-1000\...\Octoshape add-in for Adobe Flash Player) (Version: - )
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{9E362141-4BE9-47C3-BD36-638B77AC87AA}) (Version: 14.6.0.12010 - Citrix Systems, Inc.) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PhoneSheriff Investigator version 1.0 (HKLM-x32\...\{BE248F50-7823-4327-9CC2-F034BFC6BB58}_is1) (Version: 1.0 - Retina- X Studios)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
Revo Uninstaller Pro 2.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.5 - VS Revo Group, Ltd.)
RSDLite (HKLM-x32\...\{5ED80B30-4DAE-4D73-9D62-AD89F661AF46}) (Version: 5.7 - Motorola)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Self-service Plug-in (HKLM-x32\...\{27B93352-3746-4329-9D16-CE20A1E400C5}) (Version: 4.6.0.14932 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.8.201605301505 - Sony Mobile Communications Inc.)
Speedy Claims V6 (HKLM-x32\...\{703AC5A7-7BA9-4006-9303-2A1D5C4BFB3D}) (Version: 6.8.0.40 - SpeedySoft USA, Inc.)
SSA Benefit Calculator (HKLM-x32\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.13.0002 - Social Security Administration)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
SuperLab 4.5 (HKLM-x32\...\SuperLab_is1) (Version: 4.5 - Cedrus Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UniPDF 1.0.5 (HKLM-x32\...\UniPDF) (Version: 1.0.5 - UniPDF.com)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
USB2.0 VIDBOX NW03, NW06 (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 3.0.6 - honestech)
Validity WBF DDK (HKLM\...\{7C54D017-21BB-43AE-9746-33E78AF4A425}) (Version: 4.3.118.0 - Validity Sensors, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: - NCH Software)
VSDC Free Video Editor version 2.1.9.227 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.9.227 - Flash-Integro LLC)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.7-3 - Wacom Technology Corp.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.05 - NCH Software)
Web Dictate (HKLM-x32\...\WebDictate) (Version: 2.13 - NCH Software)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Video Editor(Build 3.0.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare)
Xperia Companion (HKLM-x32\...\{87971D31-1246-4141-8424-6ECC64D96E1D}) (Version: 1.2.8.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459357452-663562519-2726307472-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Coastmom\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\buShell.dll [2017-06-30] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\buShell.dll [2017-06-30] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\buShell.dll [2017-06-30] (Symantec Corporation)
ShellIconOverlayIdentifiers: [Autcrypt] -> {5C3419D7-0F76-4744-84E4-3B3C9908834B} => C:\Windows\SysWOW64\inetdll.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine32\22.10.0.83\buShell.dll [2017-06-30] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine32\22.10.0.83\buShell.dll [2017-06-30] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine32\22.10.0.83\buShell.dll [2017-06-30] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers01: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\buShell.dll [2017-06-30] (Symantec Corporation)
ContextMenuHandlers01: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2014-02-21] ()
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc.)
ContextMenuHandlers01: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll -> No File
ContextMenuHandlers01: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\NavShExt.dll [2017-06-30] (Symantec Corporation)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\NavShExt.dll [2017-06-30] (Symantec Corporation)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-03-20] (Intel Corporation)
ContextMenuHandlers06: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\buShell.dll [2017-06-30] (Symantec Corporation)
ContextMenuHandlers06: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2014-02-21] ()
ContextMenuHandlers06: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2010-08-12] (VS Revo Group)
ContextMenuHandlers06: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\NavShExt.dll [2017-06-30] (Symantec Corporation)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1_S-1-5-21-1459357452-663562519-2726307472-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1459357452-663562519-2726307472-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1459357452-663562519-2726307472-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F28A18D-B656-4FD7-986B-D5C47DB97EE8} - System32\Tasks\{53C09993-FD90-4616-9949-DCA2211BD3D3} => E:\setup.exe
Task: {120E7900-F244-4A5E-8609-A20324717EDD} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {1212080A-2BC0-4699-9B0E-11AD260C93A2} - System32\Tasks\GoogleUpdateTaskMachineCore1d12e2d5920fb63 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {19067B8C-78E6-4108-987C-8C21C6BA3976} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {1A3520E2-EEDD-442D-976E-36EF405BB8BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1C0B96AD-6EED-45A6-9E14-359FB61CD0FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {2003CFDF-E68C-4498-8BB3-C9DF40D5993F} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {22A012EA-5E7D-49D4-A638-4C94D4CCD5A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {287D30EB-476F-4625-BBCF-8FCE3F8A93CD} - System32\Tasks\Norton 360\Norton 360 Premier Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\SymErr.exe [2017-06-30] (Symantec Corporation)
Task: {2913451B-5577-43F8-B602-797137CE28E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459357452-663562519-2726307472-1000Core1d12ed252cc2ed => C:\Users\Coastmom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {2FB6D8BC-5BAC-4A38-A335-EADF5FC9DF6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-07] (HP Inc.)
Task: {33996C09-64D5-4C39-AC7A-FCB6B4A36EE4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-02] (Microsoft Corporation)
Task: {345BFF94-B464-4195-862A-FDD6A09D690C} - System32\Tasks\{418E5F38-1D93-40FC-BBD0-4D601F06692D} => C:\Windows\system32\pcalua.exe -a C:\Users\Coastmom\Downloads\sp52814.exe -d C:\Users\Coastmom\Downloads
Task: {35E2C0FA-C15F-414D-863E-266BE8D09565} - System32\Tasks\{7D133A8F-1BB9-44B8-B4CF-E9BA0A993202} => C:\Windows\system32\pcalua.exe -a E:\Launch.exe -d E:\
Task: {388DA105-4E29-47D3-BD02-C8F997933F46} - System32\Tasks\{110595B1-5F13-4EEA-B706-DB89AF2C68E5} => C:\Windows\system32\pcalua.exe -a C:\Users\Coastmom\Downloads\EOrg2013.exe -d C:\Users\Coastmom\Downloads
Task: {51DAAEFF-F67B-4ABB-B7AA-391839C15489} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {5AE7D886-97D2-4708-8F34-A76F3F76A286} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.0.0.52\SymErr.exe
Task: {5F1AC278-A883-4E2B-B8CC-4884EA1DF3B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {60D232CA-BA64-4A15-9352-D85368DE422D} - System32\Tasks\Norton One\Norton Error Processor => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\SymErr.exe
Task: {6A5A0AF0-AA43-4593-A49F-133C41D2C8DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {7474A1F2-4D04-4571-9966-06B63DC01BC2} - System32\Tasks\{01BF1C2B-50E7-4225-8CB1-5E8169B94E30} => msiexec.exe /package "E:\Let's Ride! Silver Buckle Stables.msi"
Task: {75379629-0AD4-432A-B616-63170FB2E691} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2017-06-30] (Symantec Corporation)
Task: {78362CB5-3195-48F5-84D5-BE2DFD9EE5D4} - System32\Tasks\{44559E42-239D-4ABC-82FD-800A0E436DE5} => C:\aa-Steel Droid 3\adt\SDK Manager.exe [2013-10-30] ()
Task: {7D234689-6739-49C4-B30B-1D010273FD9E} - System32\Tasks\{39AD7610-0274-4ADC-8B37-5A2AF73508BE} => msiexec.exe /package "E:\Let's Ride! Silver Buckle Stables.msi"
Task: {81111268-11DA-49C9-B2A9-178B92605DC1} - System32\Tasks\{DAA83B26-C53F-461B-B292-DE04ED0C2290} => C:\Windows\system32\pcalua.exe -a C:\Users\Coastmom\Downloads\CacheFireSetup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {82D18094-20A8-4AC4-BA2A-BC3602C91C01} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {83ADE988-CA36-405E-891B-F1DA4310A7F4} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {87AB45AE-15E8-4B13-8243-2E9BC35130AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459357452-663562519-2726307472-1000UA => C:\Users\Coastmom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {87B50258-6B73-4414-832B-2BB5428323FC} - System32\Tasks\{FB9CE57A-DC24-457E-9943-DC4675113DDB} => E:\setup.exe
Task: {9283B94C-5CC5-4E0C-A898-73790EB6A3A8} - System32\Tasks\{597C50DB-1A94-4E71-B4C0-407A5563B77A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.1.0.104.324/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {94DF3F48-AC6C-4FCD-BEF6-662FF6092D58} - System32\Tasks\{1BA7BB79-93F5-4A28-A3E4-538E06DFD863} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.1.0.104.324/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {9537685E-DF7C-49F6-9392-9B9391B65CFB} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {99454AE7-B548-4B79-A26F-2D855383C9B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459357452-663562519-2726307472-1000Core => C:\Users\Coastmom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9EC3A5CC-320E-45E1-BC64-BC9153FA21DD} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.0.0.52\SymErr.exe
Task: {A24B650A-2BD0-4706-AAA4-0FC816294320} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {A69AA1B2-070B-4606-B381-E3470877B775} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {A6B9B3E2-9A7E-4815-8527-6A97A3A016EE} - System32\Tasks\Defragmenter => defrag
Task: {A7C6D658-9FD8-4A08-9E49-E8351B302E5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A97F0161-739A-41B3-9269-41AA46AAE2AE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {AAE3B613-60DF-44F0-AA0F-A874980BA281} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-02] (Microsoft Corporation)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B3DFC012-E0E6-4986-98CD-B591B9231561} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {B8CEA35C-7C77-4A3E-B239-31FC43D38045} - System32\Tasks\{FBFC2040-A477-4EDA-BAA3-B431F6AA30D7} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.1.0.104.324/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {C59EBC42-E5CE-4058-B9E2-737AE2BD41C9} - System32\Tasks\{A1A91AF6-7BB9-40D5-941B-37BCFEEC4F2A} => E:\Launch.exe
Task: {CBC4FAF4-1692-48C2-86DF-1E52BAE7F6DC} - System32\Tasks\HPCeeScheduleForCoastmom => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: {CD1B1358-51C2-4DF2-8BF3-8801369EF3FD} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {CDE80FB3-BBE0-4FBA-B60B-4148A70F234A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DAE5EC4B-DCF2-4317-A886-F00E246B8B77} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {DBD78273-F1E8-4E96-BD70-F459E04E1099} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-19] (Microsoft Corporation)
Task: {E14E9A0D-B0B2-4D6A-B456-E9803DE1FA52} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e2d595ec89b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E5A9FCFD-1C11-4F86-A340-327855EF4D11} - System32\Tasks\NCH Software\scribeShakeIcon => C:\Program Files (x86)\NCH Software\Scribe\Scribe.exe [2011-07-06] (NCH Software)
Task: {E6330B07-B6E0-4AB2-A3BC-1DE0EFA502E9} - System32\Tasks\{98BEE4E0-5D27-426B-9A09-264E6210C667} => E:\Launch.exe
Task: {E8F549CE-2410-49F6-8610-C90097D5795F} - System32\Tasks\Norton 360\Norton 360 Premier Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\SymErr.exe [2017-06-30] (Symantec Corporation)
Task: {EA0C72F2-AFF0-4E00-86AD-B2F0F3E494CA} - System32\Tasks\Norton One\Norton Error Analyzer => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\SymErr.exe
Task: {EC18DD49-DE16-4FDD-A869-34C26B844DC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {EDD1AE4E-D926-40E3-8BAD-BA665D377A4A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.10.0.83\WSCStub.exe [2017-06-30] (Symantec Corporation)
Task: {EE849926-7B73-4DE0-9049-38FB8219DFB5} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {F6184EF0-216E-4A66-B005-53F427929D61} - System32\Tasks\{5981D125-864B-4664-8CB5-29695FC3890F} => C:\Windows\system32\pcalua.exe -a C:\Users\Coastmom\Downloads\EOrg2015.exe -d C:\Users\Coastmom\Downloads
Task: {F6A9560C-2848-47D1-AD09-6D32A92C723E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459357452-663562519-2726307472-1000UA1d12ed25638293 => C:\Users\Coastmom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FD37C417-5328-4AA3-8FA8-FF1E8E9C304E} - System32\Tasks\{516A5172-6FBE-4A32-B751-CBB81F0CD18D} => C:\Windows\system32\pcalua.exe -a C:\Users\Coastmom\Downloads\sp52814.exe -d C:\Users\Coastmom\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1459357452-663562519-2726307472-1000Core.job => C:\Users\Coastmom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1459357452-663562519-2726307472-1000UA.job => C:\Users\Coastmom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCoastmom.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Coastmom\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Coastmom\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Users\Coastmom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2016-03-17 08:54 - 2017-07-07 10:35 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-02-21 15:07 - 2014-02-21 15:07 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2015-11-30 19:13 - 2005-04-22 00:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2011-12-04 17:16 - 2011-06-06 15:23 - 01183096 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-10-07 05:39 - 2011-10-07 05:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2017-06-08 18:10 - 2017-06-08 18:10 - 00013312 _____ () C:\Program Files (x86)\CrashPlan\md5.dll
2017-06-08 18:10 - 2017-06-08 18:10 - 00209368 _____ () \\?\C:\Program Files (x86)\CrashPlan\cpnative.dll
2017-06-08 18:10 - 2017-06-08 18:10 - 00071168 _____ () \\?\C:\Program Files (x86)\CrashPlan\c42archive.dll
2017-06-08 18:10 - 2017-06-08 18:10 - 00436224 _____ () \\?\C:\Program Files (x86)\CrashPlan\libleveldb.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-10-01 22:54 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-01 22:55 - 2014-06-16 15:44 - 00954880 _____ () C:\Program Files (x86)\ControlCenter4\BrImgProc.dll
2017-06-12 15:04 - 2017-06-12 15:04 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7e0c76c70c4842d9ded50a562dd61030\IsdiInterop.ni.dll
2011-05-21 05:52 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [112]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Bsecure => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1459357452-663562519-2726307472-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Coastmom\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 4.4.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: N360 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Coastmom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Coastmom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: pronto => "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe"
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: WebDictate => "C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe" -logon

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BE255083-2456-42BA-B5F0-F8C70192A5CA}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{9FF5A624-14EC-4895-A565-C58F3EC75357}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{8690AA57-43D7-49C0-8C75-80E83B2622BB}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS65B6\setup\hpznui40.exe
FirewallRules: [{5ECF5931-07F9-469C-AFFE-27390C0FE7ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{302CF5D1-F473-4581-A0DE-EAE90AC9D50E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5BB74467-1B29-48BF-9181-4C1D9C173700}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{779F2108-365D-4B6D-8CD5-4E6AE14A522F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{9EEF97D9-93F1-40E1-BE00-3FDCA9C23FDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E77A85D9-2566-46A1-A4B0-87E859C39E40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{064A9F51-17FB-46E5-B056-39CFC6B763B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{F641013D-C883-422F-969D-FE473B2FBC77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1C63871F-0955-43FE-A425-606C2DDE3EC1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{DBC894EF-3731-46BE-AB2B-50E951830006}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A2ED841D-6076-4E7B-A365-601E67D8F182}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{8F29D1A5-1F36-4E18-AE78-63BD30650058}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{177CC640-439D-4EE7-A5A5-6A020DD4EF82}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{FCDDD272-A720-45C0-92F4-FEE7AAE77AA1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8B2D620E-67F9-49F4-8B95-5C8CA76F7D39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{D54D1E3E-FAE5-4596-9EB9-BFD234E89A50}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5BF073C7-3A90-4EAB-8D5C-E1A08233CF76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{40253531-A11A-468C-8347-0222B6CA5437}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{B55516BA-2292-4BC3-BB6E-B650B473CE33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{A9852FB6-AEAE-46E8-A206-4B9488989AA1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{83FFCF06-E53C-4240-AE29-B64AD3064C8A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6F78A522-C404-41D4-948F-3BC0E78C487C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{D73431D8-0772-4E0F-99EE-6BA645BC9F14}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{23F7D1AF-14B6-479F-A6C8-21749D87A452}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{6B5CC23E-8857-4DDA-8CDA-0FBB5CBA09A5}] => (Allow) C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DAD79866-691C-4DC5-96C0-E4D78F3E365F}] => (Allow) C:\Users\Coastmom\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{1C18972C-289E-46B1-85F5-790F238E2A04}C:\users\coastmom\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\coastmom\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{81083910-0701-47D5-9E43-87A7FD063A5A}C:\users\coastmom\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\coastmom\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{FA804DD2-C8B6-4D41-85D4-E77624977C37}] => (Allow) C:\Users\Coastmom\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2F944813-DA20-4BCE-BAFA-4C8D42FCBEB5}] => (Allow) C:\Users\Coastmom\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{A3EFC563-7AD3-4BFF-95D0-5903ADC9932C}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS42D8\hppiw.exe
FirewallRules: [{56934847-DB1E-4DB9-A7AF-3E21B5265DCD}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS42D8\hppiw.exe
FirewallRules: [{D350AC09-0D1F-45CB-AB46-2ACF57F3784A}] => (Allow) C:\Users\Coastmom\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{EACF04AB-D20C-4BD1-B347-695526503988}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{AECA8B03-C768-46B2-B7A0-2E938160C4E4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{04A167A3-12BE-4D4D-B737-BB5A85B56C70}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{5EAD02E2-4EF6-424F-866C-79C86899A6CF}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3508EB55-1C3C-4E51-8BF9-FE936BBCFBF3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3C2F4F58-4CBE-4F49-B0B6-34683D99CF1B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{85B72CC0-634B-447B-8AF9-4B41345D11C4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{41B4118D-CE6B-4C75-9604-6CAA16C623EE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D6D110C5-EA18-403F-B161-386608AF1AEF}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{08EF9F03-8D0F-4490-8E21-352B00A3C292}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{F29A2783-90AA-47D2-B0BB-C33DAFC5654E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{2B68DB45-DA9C-44A3-93CF-64F3D3C798BF}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{B32C193A-4E76-4181-8DEA-A7B9BDBF197F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{C85203A2-6F55-48D8-9968-F1E99BFA0681}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{603432EF-7604-40BB-BCB0-62406188E7C3}] => (Allow) LPort=2869
FirewallRules: [{3C3BE902-D119-41A3-B0D3-3B79559B7E7D}] => (Allow) LPort=1900
FirewallRules: [{EE61C32A-E01F-4DC2-963A-C21A837B67BD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{78F42DE3-93D6-441B-96FA-2CE683A80386}] => (Allow) C:\Users\Chiara\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{AE04F2F0-88BD-4D33-BC0B-B56B74F78757}] => (Allow) C:\Users\Chiara\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{46C00ABE-489F-43BE-9D0F-4EA90B236198}] => (Allow) C:\Users\Chiara\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{1BD5FA3B-6617-48A4-A463-900A1B0C21DE}] => (Allow) C:\Users\Chiara\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{3FBEF47F-D39B-4863-A4E0-77B9E61C4343}] => (Allow) C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe
FirewallRules: [{9C0ACABD-BF40-45E8-8961-5F1CA9DA46BD}] => (Allow) C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe
FirewallRules: [{5407C4FF-A13D-4A3D-82E8-626056B8D507}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS1003\HPDiagnosticCoreUI.exe
FirewallRules: [{6C7AB954-9FF9-4B4C-B0C7-3FB8CF7CCCBE}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS1003\HPDiagnosticCoreUI.exe
FirewallRules: [{18B2E89D-F182-41D9-8692-FF8E7800B863}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS11D9\hppiw.exe
FirewallRules: [{87A5A7E6-454C-49EE-A9B1-FD578612BB99}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS11D9\hppiw.exe
FirewallRules: [{426CBA12-348E-491E-A4E9-047F5F9B0B3D}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS1698\hppiw.exe
FirewallRules: [{A60E431D-B9FA-45C2-B02D-D6B584D9FEC0}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS1698\hppiw.exe
FirewallRules: [{5AD417F5-55C2-4DE3-B2CC-24575F4FA8EC}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS2A30\hppiw.exe
FirewallRules: [{AFFD7689-F845-4EC7-84DC-08A6BE6005E3}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS2A30\hppiw.exe
FirewallRules: [{30FF8521-DC8D-4B63-A00D-90E63DA6FF5A}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS63F8\HPDiagnosticCoreUI.exe
FirewallRules: [{28EA272D-65AF-4545-B8C4-B22D1F05D87F}] => (Allow) C:\Users\Coastmom\AppData\Local\Temp\7zS63F8\HPDiagnosticCoreUI.exe
FirewallRules: [{C8B648ED-F5B5-4AD2-AE80-3ADA6FCC6169}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{815632C7-EEBF-474E-9F94-367AFE4516B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C6175E8A-1FE1-46BE-BA99-59455A614979}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C148783A-91EB-4400-8AB9-920D8072B4D6}] => (Allow) c:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{ABC23DEC-43CA-410D-B593-421558539630}] => (Allow) c:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FEBCABFC-9FDA-4224-AAAA-9DF9CD2E58CC}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{75F7FA52-1535-43D6-BD45-A410A08AAAE3}] => (Allow) LPort=54925
FirewallRules: [{BFCE8A31-C595-47A0-A5E4-05F682E5625E}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{148C95EF-AEAB-4ADD-A624-A1CA4732AADE}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{2A97DCE3-7571-4B82-ADAB-DC3D7C7720EA}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{D36F95DE-3769-4283-BE1C-377C32BA8C1C}] => (Allow) C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe
FirewallRules: [{DA3445C0-B829-4113-B864-B473F0A329F9}] => (Allow) C:\Program Files (x86)\NCH Software\WebDictate\webdictate.exe
FirewallRules: [{E3061DED-E6FF-4520-A4DF-4F0E00C8C4FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3C955EDE-A483-4CF8-AE64-8DFA5B310647}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2AFF2DB-9994-4DB5-AFB6-8C6369FE4028}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7E3D1FBD-2977-4C7E-9638-FD7161772732}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8E4C009-5FAB-47C7-ABAA-260B8BAFF67F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{331F2673-2446-4245-80FA-CFD8EF7695C0}] => (Allow) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
FirewallRules: [{C71C319B-1940-43F8-B428-6AC78782319D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5343ED18-CA2D-4010-A489-878F1A475B5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{263A2D9B-AAC5-405B-82EC-D9BDC8DD77A1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

10-07-2017 17:12:06 Windows Update
12-07-2017 15:39:57 Windows Update
12-07-2017 16:23:27 Windows Update
19-07-2017 09:23:29 Windows Update
19-07-2017 11:28:42 Windows Update
19-07-2017 12:52:26 Windows Update
19-07-2017 23:31:33 Windows Update

==================== Faulty Device Manager Devices =============

Name: Intel(R) WiFi Link 1000 BGN
Description: Intel(R) WiFi Link 1000 BGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2017 08:52:01 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/21/2017 08:51:56 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {242256BF-B84B-437A-A265-18E6AD024A21}

Error: (07/21/2017 08:36:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\iMacTools\iBackup Viewer\iBackup Viewer.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2017 08:15:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/19/2017 11:28:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/19/2017 11:15:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/19/2017 10:53:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/19/2017 10:39:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\iMacTools\iBackup Viewer\iBackup Viewer.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/19/2017 10:39:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\iMacTools\iBackup Viewer\iBackup Viewer.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/19/2017 02:05:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/07/19 14:05:10.185]: [00004036]: Initialize TwdsMain Class failed!


System errors:
=============
Error: (07/21/2017 08:22:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/21/2017 08:18:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/21/2017 08:16:31 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.0.100, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (07/21/2017 08:16:31 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/21/2017 08:16:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (07/21/2017 08:15:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CyberGhost 5 Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/21/2017 08:15:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 5 Client Service service to connect.

Error: (07/21/2017 08:15:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (07/21/2017 08:14:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Family Safety service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/20/2017 09:03:03 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.0.100, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.


CodeIntegrity:
===================================
Date: 2013-05-19 16:08:10.586
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:08:10.530
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:07:12.562
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:07:12.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:06:20.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:06:20.266
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:06:17.489
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:06:17.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:06:16.535
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-19 16:06:16.471
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 80%
Total physical RAM: 6091.86 MB
Available physical RAM: 1204.73 MB
Total Virtual: 6154.04 MB
Available Virtual: 1189.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:582.02 GB) (Free:312.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.85 GB) (Free:1.54 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: D0E0CD91)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================
 
Please do the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


Step#2 - Uninstalls
Please uninstall the following programs. After they are uninstalled and you reboot, you may re-install ONLY if you are using it. I highly recommend against re-installing Netgear Genie unless you can't live without it. It can cause conflicts and slowdowns on the network.

NETGEAR Genie
Norton 360 Premier
Norton Anti-Theft
 

Attachments

Ok, doing that now. Of the three programs above, I DO use Norton 360 as my security software. Do you not recommend it? I have 4 months left on my paid subscription. Is there a better alternative? I also like the "safe search" addon to my browser. Interested in your opinion.
 
Log below. Please see my question above. I am uninstalling the netgear app and the Norton antitheft but keeping norton 360 pending your reply:

Ran by Coastmom (22-07-2017 10:27:59) Run:1
Running from C:\Users\Coastmom\Desktop
Loaded Profiles: Coastmom (Available Profiles: Coastmom & Chiara & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION

*****************

Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\Bsecure => key removed successfully
Bsecure => service removed successfully
HKLM\System\CurrentControlSet\Services\globalUpdate => key removed successfully
globalUpdate => service removed successfully
HKLM\System\CurrentControlSet\Services\globalUpdatem => key removed successfully
globalUpdatem => service removed successfully

==== End of Fixlog 10:28:58 ====
 
Ok, doing that now. Of the three programs above, I DO use Norton 360 as my security software. Do you not recommend it? I have 4 months left on my paid subscription. Is there a better alternative? I also like the "safe search" addon to my browser. Interested in your opinion.

I personally don't like Norton products. I've had experience with them at home as well as at work and have seen too many issues/conflicts that it caused. This is only my opinion. For home users if they want a free antivirus I always recommend Microsoft Security Essentials. If they want a paid version I usually recommend ESET Nod32 but again it's only my opinion.

At this point you should be all set. Let me know if you have any other issues.

Take care.
 
Thank you so much for all your help, AND for that recommendation. Everything is running much more smoothly now. Donation to sysnative coming!

Denys
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top